In 2023, the cybersecurity landscape continued to evolve with new threats emerging and existing threats growing in sophistication and scale. Consider that cybercrime was estimated to cost the world $8 trillion in 2023, according to Cybersecurity Ventures. That breaks down to $667 billion a month, $154 billion a week, $21.9 billion a day, $913 million an hour, $15.2 million a minute and $255,000 a second.
As the cost of cybercrime continued to escalate in 2023, businesses across the globe worked to shore up their defenses against some notable threats, challenges, and trends.
While 2023 is now in the rearview mirror, these cyber issues have significant implications for 2024.
Let’s review what happened in the cybersecurity landscape over the last twelve months and look at what these developments mean for 2024.
In 2023, ransomware continued to plague enterprises, as cyber criminals infiltrated networks and systems to access data, holding this data hostage and threatening to expose it unless ransom demands were met. Bad actors are now carrying out more ransomware attacks faster. In 2019, ransomware deployment time was 60 days. In 2021, the time it took to deploy these attacks dropped to less than four days.
Organizations across every industry were negatively impacted by ransomware last year. Data from Check Point shows that 71% of organizations globally have been affected by costly ransomware attacks. According to the Department of Homeland Security (DHS), ransomware attackers extorted at least $449.1 million globally during the first half of 2023 and were expected to have their second most profitable year in 2023.
What this means for 2024
Moving into 2024, ransomware attacks show no signs of slowing down. As this threat continues to infiltrate organizations, it is projected that ransomware will cost victims approximately $265 billion annually by 2031.
In 2024, ransomware threats will increase with the growing emergence of Ransomware as a Service (RaaS), a subscription-based business model that enables bad actors to launch ransomware attacks by accessing and using pre-developed ransomware tools.
To prevent ransomware in 2024, enterprises will need to place renewed emphasis on keeping systems up to date, backing up important data on a regular basis, implementing a zero trust architecture, and training employees on how to spot and report ransomware threats.
Artificial Intelligence (AI)
Generative AI dominated the headlines in 2023 with the launch of ChatGPT. The commercial use of this technology soared as enterprises experimented with it to gain operational efficiencies. McKinsey’s “The state of AI in 2023: Generative AI’s breakout year” which surveyed 1,684 organizations found that 913 are using AI in at least one business function.
Excitement surrounding the use cases of generative AI in 2023 was tempered by the cyber risks associated with this technology. Data privacy and regulatory compliance issues surfaced as two of the top risks that must be mitigated as organizations adopt this technology. According to the McKinsey report, only 38% of organizations are actively mitigating generative AI’s cybersecurity risks; and just 28% are mitigating its compliance risks.
The major AI-powered threats in 2023 included the use of the technology to execute sophisticated phishing attacks and to deploy malware and ransomware code.
What this means for 2024
AI is here to stay and will continue to increase business risk in 2024. Analyst Firm Forrester predicts that in 2024 at least three data breaches will be publicly blamed on AI-generated code and an app using ChatGPT will be fined for its handling of personally identifiable information (PII). As AI takes hold in more and more enterprises, ensuring data privacy and security will be a top priority in 2024 to deploy this technology safely and securely.
The regulatory landscape continued to evolve in 2023 with regulations and laws surrounding data privacy and protection becoming more pervasive and stringent.
According to the AuditBoard, since the beginning of 2023, six state legislatures implemented comprehensive data privacy laws including Iowa, Indiana, Tennessee, Montana, Oregon, Delaware, and Texas. Complying with a growing patchwork of similar, but different, state privacy and cybersecurity laws posed a major challenge for enterprises in 2023.
Regulatory agencies also continued to step up cybersecurity enforcement in 2023. Last year, the SEC and the CFTC fined 16 financial firms a collective $1.8 billion for the misuse of messaging apps. The fines for using unsecure communications channels now exceed $2.5 billion.
What this means for 2024
The patchwork of state data privacy laws will continue to increase in 2024, placing greater responsibility on enterprises to secure data. Fines for non-compliance also continue to increase, posing a threat to the viability of enterprises that don’t make safeguarding data privacy a priority.
In 2024, enterprises will also need to stay up to date on and ensure compliance with evolving regulatory requirements. The U.S. Securities and Exchange Commission (SEC) introduced new regulations on cyber risk management, governance, and incident disclosure that are phasing in from December 2023 to July 2024. These regulations require publicly traded companies to notify the SEC within four days when they have a material breach.
Gartner notes that by 2024, modern privacy regulation will blanket the majority of consumer data, but less than 10% of organizations will have successfully “weaponized privacy as a competitive advantage”. Gartner recommended that “security leaders enforce a comprehensive privacy standard in line with GDPR to differentiate in an increasingly competitive market…”
When the pandemic hit, enterprises rushed to digitally transform operations to keep their businesses running. In 2023, organizations found they had an excessive number of tools, many of which had overlapping functions. This tool sprawl negatively impacted productivity and was a nightmare for overtaxed IT teams to manage.
A prime example of this is the raft of communication apps which became ubiquitous in the enterprise during the pandemic for their ability to enable real-time collaboration among distributed teams. While teams remained connected, the rush to adopt these tools resulted in collaboration app overload. According to Enterprise Strategy Group (ESG) data, 44% of organizations have deployed six to 10 communications and collaboration platforms, while another 37% use between 11 and 20 platforms.
A tech stack bloated with communication apps created major security and compliance challenges for organizations in 2023. Many of these apps are not built for the enterprise, containing inherent vulnerabilities that provide a gateway for bad actors to access, expose and exploit an enterprise’s sensitive data.
Phishing, malware, ransomware, and data leakage are very real threats that come with communication app sprawl in the enterprise. These threats increase the risk of data breaches that result in business disruption, reputational damage, downtime, legal fees, and fines for compliance violations.
What this means for 2024
Consolidation to rein in tool sprawl and reduce cyber threats will be a priority for enterprises in 2024. More specifically, organizations will make the move to all-in-one, secure mobile messaging platforms with robust security, compliance and control features that are specifically designed to maintain data security, integrity, and privacy.
Secure mobile messaging technology like NetSfere mitigates cyber and compliance risks in business communication, reducing the attack surface and providing no point of entry for malicious hackers intent on accessing sensitive enterprise data.
In 2024, enterprises don’t need a hodgepodge of risk-inducing communication apps to support communication and collaboration. Adopting an enterprise-grade, secure all-in-one mobile messaging platform is the only solution organizations need to reduce cyber risk and protect the integrity and availability of enterprise networks and systems.
Last year saw the landscape of cyber threats and challenges continue to evolve across all sectors. Heading into 2024, enterprises will need to take a more proactive approach to fortifying their cyber security and compliance postures to stay one step ahead of cyber criminals and mitigate the impact of ever-evolving threats.